CVE-2021-36957

7.8 HIGH

📋 TL;DR

CVE-2021-36957 is an elevation of privilege vulnerability in Windows Desktop Bridge, the packaging layer that lets classic Win32 desktop applications run as full-trust APPX/MSIX packages. A local, authenticated attacker who can already run code on the host can exploit it to obtain SYSTEM privileges. It affects Windows 10 and Windows 11 systems on which Desktop Bridge applications are installed. The flaw is not exploitable remotely: the attacker needs a local foothold first.

💻 Affected Systems

Products:
  • Windows Desktop Bridge
Versions: Windows 10 versions 1809, 1909, 2004, 20H2, 21H1; Windows 11
Operating Systems: Windows 10, Windows 11
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Desktop Bridge applications to be installed. Systems without Desktop Bridge apps may not be vulnerable.

📦 What is this software?

Desktop Bridge (formerly Project Centennial) is the Windows mechanism for packaging existing Win32 desktop applications as APPX/MSIX packages. Such packages declare the restricted runFullTrust capability and an application entry point of Windows.FullTrustApplication, so the program runs with the user's full privileges while the platform handles installation, file-system and registry virtualization, and Microsoft Store distribution. The packaging runtime has shipped with Windows 10 since version 1607, so a flaw in it matters on any host where full-trust packaged apps are present.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with SYSTEM privileges, enabling installation of persistent malware, credential theft (LSASS memory, cached secrets), and lateral movement across the network.

🟠 Likely Case

Local privilege escalation used as the second stage of an intrusion: a phished user or a compromised low-privilege service account is elevated to SYSTEM to disable security controls, install additional tooling, or read protected system resources.

🟢 If Mitigated

Least privilege and strict logon controls limit who can reach a vulnerable host, but they do not stop a user who can already execute code from escalating; only the security update closes the hole.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Any authenticated user on affected systems can potentially exploit this to gain SYSTEM privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated user access. Proof-of-concept code has been publicly released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: September 2021 security updates (the release that published this advisory) or any later cumulative update

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36957

Restart Required: Yes

Instructions:

1. Apply the September 2021 Windows security update, or a later cumulative update, for your Windows release.
2. Install it through Windows Update or download the KB listed in the advisory from the Microsoft Update Catalog.
3. Restart the system after installation; the fix is not active until reboot.

🔧 Temporary Workarounds

Remove unneeded Desktop Bridge applications (Windows)

Uninstall Desktop Bridge (full-trust packaged) applications that are not required, via Settings > Apps > Apps & features. This only narrows the attack surface: the Desktop Bridge runtime ships as part of Windows, so removing apps is not a substitute for installing the update, and any later installation of a full-trust package reintroduces the exposure.
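The workaround above assumes you know which installed packages are Desktop Bridge apps. The following PowerShell inventory is an added example, not code from the original page or from Microsoft; it identifies them by the markers a full-trust package carries in its manifest (an Application entry point of Windows.FullTrustApplication, or the runFullTrust restricted capability). The function name and the output fields are this example's own choices.

```powershell
# Added example (not from the original page): list installed packaged apps that run with
# full trust, i.e. Desktop Bridge apps. Uses only the built-in Appx cmdlets.
function Get-DesktopBridgeApp {
    param(
        [switch]$AllUsers   # enumerate every user's packages; requires an elevated shell
    )

    $packages = if ($AllUsers) { Get-AppxPackage -AllUsers } else { Get-AppxPackage }

    foreach ($pkg in $packages) {
        # Framework and resource packages carry no application entry points.
        if ($pkg.IsFramework -or $pkg.IsResourcePackage) { continue }

        $manifest = Get-AppxPackageManifest -Package $pkg.PackageFullName -ErrorAction SilentlyContinue
        if (-not $manifest) { continue }

        # Marker 1: an <Application EntryPoint="Windows.FullTrustApplication" Executable="..."/>
        $fullTrustApps = @($manifest.Package.Applications.Application) |
            Where-Object { $_.EntryPoint -eq 'Windows.FullTrustApplication' }

        # Marker 2: <rescap:Capability Name="runFullTrust"/>. Use LocalName and GetAttribute
        # because XmlElement.Name is the qualified element name, not the Name attribute.
        $runFullTrust = @($manifest.Package.Capabilities.ChildNodes) |
            Where-Object { $_.LocalName -eq 'Capability' -and $_.GetAttribute('Name') -eq 'runFullTrust' }

        if ($fullTrustApps -or $runFullTrust) {
            [pscustomobject]@{
                Name            = $pkg.Name
                Version         = $pkg.Version
                Publisher       = $pkg.Publisher
                PackageFullName = $pkg.PackageFullName
                Executable      = ($fullTrustApps | Select-Object -First 1).Executable
                InstallLocation = $pkg.InstallLocation
            }
        }
    }
}

# Usage: review the list, then remove what is not needed with
#   Remove-AppxPackage -Package <PackageFullName>
Get-DesktopBridgeApp | Format-Table Name, Version, Publisher, Executable -AutoSize
```

Run it per user (or with -AllUsers from an elevated prompt) before deciding what to remove; the PackageFullName column is the identifier Remove-AppxPackage expects.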

🧯 If You Can't Patch

  • Restrict who can log on to or run code on affected hosts (no shared local accounts, no unnecessary local administrators, application control where feasible), since code execution as a standard user is the precondition for exploitation
  • Monitor process-creation auditing for SYSTEM-level processes spawned from user sessions or user-writable paths, and alert on unexpected SYSTEM privilege use

🔍 How to Verify

Check if Vulnerable:

Compare the installed cumulative update with the September 2021 security update for your Windows release (the KB numbers are listed in the advisory). Windows cumulative updates are inclusive, so any later cumulative update also contains the fix; a host on an earlier build is vulnerable.

Check Version:

winver

Verify Fix Applied:

Confirm in Settings > Update & Security > View update history that the September 2021 cumulative update, or a later one, is installed and that the system has been restarted since.
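For fleet-wide checks, reading the build and Update Build Revision (UBR) from the registry is more reliable than eyeballing update history. The script below is an added example, not part of the original page or the MSRC advisory. The per-build thresholds in the default table are assumptions: they are the build numbers I associate with the September 2021 cumulative updates, and you should confirm them against the advisory's KB list (and add the Windows 11 entry from it) before trusting the verdict.

```powershell
# Added example (not from the original page): report whether this host's OS build has
# reached the first cumulative-update build that carried the fix for CVE-2021-36957.
function Get-Cve202136957State {
    [CmdletBinding()]
    param(
        # Assumed minimum UBR per CurrentBuild. Confirm each value against the MSRC advisory;
        # builds not listed here (e.g. Windows 11) are reported as unknown, not as patched.
        [hashtable]$FixedUbr = @{
            '17763' = 2183   # Windows 10 1809 / Server 2019 (KB5005566, assumed)
            '18363' = 1801   # Windows 10 1909 (KB5005568, assumed)
            '19041' = 1237   # Windows 10 2004 (KB5005565, assumed)
            '19042' = 1237   # Windows 10 20H2 (KB5005565, assumed)
            '19043' = 1237   # Windows 10 21H1 (KB5005565, assumed)
        }
    )

    $cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build   = [string]$cv.CurrentBuild
    $ubr     = [int]$cv.UBR           # bumped by every cumulative update
    $release = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }

    $known = $FixedUbr.ContainsKey($build)
    $fixedBuild = if ($known) { "$build.$($FixedUbr[$build])" } else { $null }

    $state = if (-not $known) {
        'Unknown build: check the advisory'
    } elseif ($ubr -ge $FixedUbr[$build]) {
        'Patched'
    } else {
        'Vulnerable'
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Release        = $release
        InstalledBuild = "$build.$ubr"
        FixedBuild     = $fixedBuild
        State          = $state
        # A pending reboot leaves the old binaries loaded even though UBR already reads high.
        RebootPending  = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    }
}

Get-Cve202136957State | Format-List
```

Wrap the function in Invoke-Command to run it across a set of hosts; treat "Unknown build" as a prompt to extend the table from the advisory rather than as a pass.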

📡 Detection & Monitoring

Log Indicators:

  • Security log event 4688 (process creation) where the new process runs as SYSTEM but the creator subject is an ordinary, interactive user account
  • SYSTEM-level processes started from user-writable paths (user profile, Temp, ProgramData) or whose parent belongs to a standard user's session

Network Indicators:

  • Unusual outbound connections from systems after local privilege escalation

SIEM Query:

EventID=4688 AND TargetUserName='SYSTEM' AND SubjectUserName NOT IN (expected_system_accounts)

NewProcessName in event 4688 is the image path and never contains an account name, so matching it against 'SYSTEM' finds nothing. The Target Subject fields (TargetUserName, TargetDomainName) are populated when the new process runs under a different token than its creator, which is the case worth alerting on; the creator is in SubjectUserName.
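The same logic run directly against a host's Security log, as an added example that is not from the original page. It implements the two log indicators above as heuristics for local privilege escalation in general; it is not a signature for this CVE, and the list of accounts allowed to create SYSTEM processes is an assumption to tune per environment. Reading the Security log requires an elevated shell, and CommandLine is only populated when "Include command line in process creation events" is enabled.

```powershell
# Added example (not from the original page): hunt Security event 4688 for processes that
# run as SYSTEM but were created by an ordinary user, or run as SYSTEM from a user-writable
# path. Generic local-EoP heuristics; tune the allow-list before alerting on the output.
function Find-SuspiciousSystemProcess {
    param(
        [datetime]$Since = (Get-Date).AddDays(-1),
        # Assumed set of accounts for which spawning a SYSTEM process is normal.
        [string[]]$ExpectedCreators = @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')
    )

    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = $Since }

    foreach ($ev in Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue) {
        # Flatten <Data Name="...">value</Data> into a lookup table.
        $xml = [xml]$ev.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.GetAttribute('Name')] = $n.'#text' }

        $creator = $d['SubjectUserName']
        # Target Subject is '-' when the new process inherits the creator's token.
        $runsAs  = if ($d['TargetUserName'] -and $d['TargetUserName'] -ne '-') { $d['TargetUserName'] } else { $creator }
        $image   = $d['NewProcessName']

        $reasons = @()
        # Heuristic 1: SYSTEM process whose creator is not a built-in service or machine account ($-suffixed).
        if ($runsAs -eq 'SYSTEM' -and $creator -notin $ExpectedCreators -and $creator -notlike '*$') {
            $reasons += 'SYSTEM process created by a non-system account'
        }
        # Heuristic 2: SYSTEM process whose image lives in a directory ordinary users can write to.
        if ($runsAs -eq 'SYSTEM' -and $image -match '\\(Users|Temp|ProgramData)\\') {
            $reasons += 'SYSTEM process running from a user-writable path'
        }

        if ($reasons) {
            [pscustomobject]@{
                Time        = $ev.TimeCreated
                Creator     = "$($d['SubjectDomainName'])\$creator"
                RunsAs      = $runsAs
                Image       = $image
                Parent      = $d['ParentProcessName']
                CommandLine = $d['CommandLine']
                Reason      = ($reasons -join '; ')
            }
        }
    }
}

Find-SuspiciousSystemProcess -Since (Get-Date).AddDays(-7) | Format-Table Time, Creator, RunsAs, Image, Reason -AutoSize
```

Expect some noise from legitimate installers and management agents on the second heuristic; suppress by signer or path once you have a baseline rather than widening the allow-list of creators.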
